Hello World, I’m Ermiyas Tilahun

I Help Organizations Manage Cyber Risk and Stay Compliant by bridging Governance with Hands-on Cybersecurity Expertise in VA/PT, SIEM & Security Monitoring

GRC | NIST | ISO 27001 | PCI DSS | SOC2 | Security Services

About me

Seasoned Cybersecurity GRC professional with 10+ years in banking and finance. As Manager of IT Security Risk Assessment & Change Management, I lead enterprise risk management, security assessments, compliance, and change governance. Expert in implementing global frameworks including ISO 27001, NIST, COBIT, SOC 2, SWIFT, and PCI DSS. I blend deep technical skills in vulnerability assessment, penetration testing, SIEM, and ethical hacking with strong governance and leadership to build resilient, secure banking environments. Passionate about turning risks into robust security postures.

M.A. in Project Management | B.Sc. in Computer Science

Skills and Tools

Governance & Compliance


ISO 27001 (ISMS Implementation & Audit Support)

PCI DSS Compliance

Security Policies & Procedures Development

Internal & External Audit Coordination

Control Design & Implementation

Regulatory Compliance Mapping

Risk Management & Assessment


Risk Assessment & Risk Register Management

Risk Treatment Planning

Business Impact Analysis (BIA)

Third-Party Risk Management

Vulnerability Assessment (VA)

Penetration Testing (PT) Coordination

Offensive Security & Testing


Ethical Hacking Methodologies

Web Application Security Testing

Burp Suite (Proxy, Scanner, Repeater)

OWASP Top 10 Testing

Reconnaissance & Enumeration

Basic Exploitation Techniques

Security Architecture & Engineering


Secure System Design Principles

Access Control & Identity Management

Network Security Concepts

Secure Configuration & Hardening

API Security Basics

Secure SDLC Awareness

Audit, Monitoring & Reporting


Security Audits & Gap Analysis

Control Effectiveness Review

Compliance Reporting

KPI / KRI Definition & Tracking

Log Review & Basic Monitoring

Documentation & Evidence Management

Security Awareness & Training


Security Awareness Programs

Phishing Awareness & Simulation Support

Policy Awareness Campaigns

End-User Training Materials

Social Engineering Risk Education

Compliance-Specific Awareness Training

React
Next.js

Certifications and Achievements

Testimonials

  • To be, or not to be, that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take Arms against a Sea of troubles, And by opposing end them: to die, to sleep.
    William Shakespeare, Hamlet
  • All that we see or seem is but a dream within a dream.
    Edgar Allan Poe, A Dream Within a Dream
  • It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife.
    Jane Austen, Pride and Prejudice
  • Call me Ishmael. Some years ago—never mind how long precisely—having little or no money in my purse, and nothing particular to interest me on shore, I thought I would sail about a little and see the watery part of the world.
    Herman Melville, Moby-Dick

© 2026 Ermiyas.com | All rights reserved.